| From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
|---|---|
| To: | Marc-André Laverdière <marc-andre(at)atc(dot)tcs(dot)com> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: Support for cert auth in JDBC |
| Date: | 2011-05-19 08:28:17 |
| Message-ID: | 4DD4D4A1.70507@postnewspapers.com.au |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On 05/19/2011 04:11 PM, Marc-André Laverdière wrote:
> That's good changes.
> I'm not super keen on the idea of asking the user of providing the type.
> But I'm not gonna fight over that :)
So long as the option exists, I'm happy. I think it's a reasonable idea
to try to auto-detect it by default.
> Now, would you please elaborate on those todos?
Whoops, I never meant to send the code to you with those in it.
The latter one no longer applies, it's resolved.
The first one isn't important for now. The main use case is if you want
to add additional trusted certs without "hiding" the system trust
database. It's a separate task and now that it's possible to pass your
own TrustManager can be done by apps that need it without modifying
AbstractCertAuthFactory at all.
So both may be removed. Thanks for pointing that out.
I'll see if I can put together an example X509TrustManager that tries to
verify trust against an app-supplied KeyStore first and failing that
against the system store. I have one around that I can adapt, but won't
be able to do that immediately as I have to get on with other work.
--
Craig Ringer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Inoue | 2011-05-19 09:07:12 | Re: Postgres Server Odbc driver compatibility matrix |
| Previous Message | Marc-André Laverdière | 2011-05-19 08:11:28 | Re: Support for cert auth in JDBC |